DocumentCode
1965973
Title
An adaptive real-time intrusion detection system using sequences of system call
Author
Lu, Kaining ; Chen, Zehua ; Jin, Zhigang ; Guo, Jichang
Author_Institution
Sch. of Electron. Inf. Eng., Tianjin Univ., China
Volume
2
fYear
2003
fDate
4-7 May 2003
Firstpage
789
Abstract
Intrusion detection is the process of monitoring computer networks and systems for violations of security policy. An IDS may be of the network (NIDS) or host (HIDS) type. Traditionally, NIDS is the only way of preventing an intrusion before it occurs, by analyzing data packages, but it has higher false rates. Although it has lower false rates, HIDS detects anomalous actions by auditing host system logs, which means the intrusion has taken place. In this paper, we present a collaborative IDS module that performs real-time detection and blocks intrusions before they occur, based on HIDS using anomaly detection over sequences of system calls.
Keywords
computer networks; data analysis; real-time systems; telecommunication security; adaptive real-time intrusion detection system; anomalous detection; block intrusion; computer network monitoring; data package analysis; host intrusion detection system; host system log auditing; intrusion prevention; network intrusion detection system; real-time detection; security policy; system call sequence; system violation; Computer networks; Computer security; Computerized monitoring; Data analysis; Data security; Information security; Intrusion detection; Packaging; Protocols; Real time systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on
ISSN
0840-7789
Print_ISBN
0-7803-7781-8
Type
conf
DOI
10.1109/CCECE.2003.1226013
Filename
1226013